Internal auditors, having the required knowledge of risk management, organisational processes and internal
controls systems, could perform a number of activities for the organisation in order to assist in managing risks.
The Institute of Internal Auditors provides guidance to internal auditors indicating their related roles. Previous
studies (which do not include a South African perspective) suggest that internal auditors’ involvement in these
roles tend to differ between countries and could change over time. Additionally, while a key role for internal
auditors is to identify and evaluate risks within an organisation, little guidance is provided as to how internal
auditors should achieve this. This article explores internal auditors’ involvement in consulting and assurance
activities within South African private sector organisations, and secondly, how internal auditors identify and
evaluate risks within organisations. Data was collected by means of an online survey instrument, directed at
chief audit executives. Survey results indicated that internal auditors have a large degree of involvement in
providing assurance on risk functions, a moderate degree of involvement in providing consulting activities and
a limited degree of involvement in risk management roles. Internal auditors utilise previous experience and
various external sources of information, when identifying risks, and consider risk impact in both a qualitative
and quantitative manner. Statistical analysis reveals that the internal auditors’ degree of involvement in the
various roles differs in the manufacturing and financial services sectors.